[Oisf-devel] [COMMIT] OISF branch, master, updated. suricata-4.0.1-30-g89b656d

OISF Git noreply at openinfosecfoundation.org
Mon Nov 20 17:35:26 UTC 2017

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OISF".

The branch, master has been updated
       via  89b656d8eed0c8ebddc960a06f0434819abdc673 (commit)
       via  63e1371c8bd26f684a3e9afe3849e1d737435194 (commit)
       via  cb70d85c692df3e96495fa427429782add092d4d (commit)
       via  094632730ee2230ad3b2b690ea1daa528a421d8f (commit)
       via  2e27a5df6b6cee7a3fdd4b6e0709a38f925ac4ad (commit)
      from  f3fea60bae3e61f27870ccc7b7f00591b8f6a188 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 89b656d8eed0c8ebddc960a06f0434819abdc673
Author: Danny Browning <danny.browning at protectwise.com>
Date:   Mon Nov 6 16:10:02 2017 -0700

    unix socket: don't lose events when offline

    Fixes issue with events being dropped since socket was non-blocking for
    offline run modes.

    Add a method for determining offline from run mode. Make sure SCInstance
    offline is set correctly. Use current run mode to set socket flags.

commit 63e1371c8bd26f684a3e9afe3849e1d737435194
Author: Alexander Gozman <a.gozman at securitycode.ru>
Date:   Thu Nov 9 11:55:47 2017 +0000

    syslog: treat SC_LOG_PERF messages as LOG_DEBUG

    SCLogMapLogLevelToSyslogLevel(): treat SC_LOG_PERF messages as LOG_DEBUG

    Previously, when logging to syslog, perf events had a default EMERG priority,
    which could be a bit confusing.

commit cb70d85c692df3e96495fa427429782add092d4d
Author: Wolfgang Hotwagner <code at feedyourhead.at>
Date:   Sun Nov 19 14:05:04 2017 +0000

    conf: fix NULL-pointer dereference in CoredumpLoadConfig

    An empty value for coredump.max-dump in the config-file leads to a segfault because of a NULL-pointer dereference in CoredumpLoadConfig().

    Here is a configuration example:
    coredump.max-dump: []

    This lets suricata crash with a segfault:
    ==9412==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f22e851aa28 bp 0x7ffd90006fc0 sp 0x7ffd90006740 T0)
        #0 0x7f22e851aa27 in strcasecmp (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x51a27)
        #1 0x5608a7ec0108 in CoredumpLoadConfig /root/suricata-1/src/util-coredump-config.c:52
        #2 0x5608a7e8bb22 in PostConfLoadedSetup /root/suricata-1/src/suricata.c:2752
        #3 0x5608a7e8c577 in main /root/suricata-1/src/suricata.c:2892
        #4 0x7f22e4c622b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
        #5 0x5608a7a30c59 in _start (/usr/local/bin/suricata+0xc4c59)

    Bug #2276

commit 094632730ee2230ad3b2b690ea1daa528a421d8f
Author: Wolfgang Hotwagner <code at feedyourhead.at>
Date:   Fri Nov 17 23:25:08 2017 +0000

    conf: fix NULL-pointer dereference in ConfGetInt

    If there are empty values in the config-file where integer values are expected, strtoimax in the ConfGetInt-function will segfault because of NULL-pointer dereference.

    Here is a configuration example:
    pcre.match-limit: []

    This will let suricata crash with a segfault.
    ASAN:DEADLYSIGNAL
    =================================================================
    ==16951==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7fa690e3ccc5 bp 0x000000000000 sp 0x7ffd0d770ad0 T0)
        #0 0x7fa690e3ccc4 (/lib/x86_64-linux-gnu/libc.so.6+0x36cc4)
        #1 0x7fa6946a6534 in strtoimax (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x44534)
        #2 0x55e0aeba6499 in ConfGetInt /root/suricata-1/src/conf.c:390
        #3 0x55e0aed2545d in DetectPcreRegister /root/suricata-1/src/detect-pcre.c:99
        #4 0x55e0aec1b4ce in SigTableSetup /root/suricata-1/src/detect.c:3783
        #5 0x55e0aeeed58d in PostConfLoadedSetup /root/suricata-1/src/suricata.c:2690
        #6 0x55e0aeeee4f2 in main /root/suricata-1/src/suricata.c:2892
        #7 0x7fa690e262b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
        #8 0x55e0aea92d39 in _start (/usr/local/bin/suricata+0xc7d39)
    AddressSanitizer can not provide additional info.
    SUMMARY: AddressSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x36cc4)

    This commit fixes Ticket #2275

commit 2e27a5df6b6cee7a3fdd4b6e0709a38f925ac4ad
Author: Wolfgang Hotwagner <code at feedyourhead.at>
Date:   Fri Nov 17 17:47:41 2017 +0000

    conf: fix NULL-pointer dereference in ParseSizeString

    If someone accidentally writes invalid characters in some parts of the suricata.yaml-configfile, the size-parameter of the ParseSizeString-function becomes NULL and gets dereferenced. Suricata crashes with SEGV. This commit fixes Ticket #2274

    The following config value leads to a Segfault:
    app-layer.protocols.smtp.inspected-tracker.content-inspect-window: *4096


Summary of changes:
 src/conf.c                 |  6 ++++++
 src/runmodes.c             | 14 ++++++++++++++
 src/runmodes.h             |  2 ++
 src/suricata.c             | 11 ++---------
 src/suricata.h             |  1 -
 src/util-coredump-config.c |  4 ++++
 src/util-debug.c           |  1 +
 src/util-logopenfile.c     |  2 +-
 src/util-misc.c            | 12 ++++++++++++
 9 files changed, 42 insertions(+), 11 deletions(-)
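
Added example, not part of the original email and not Suricata's code: a small C illustration of the guard the ConfGetInt commit message describes, where a key such as "pcre.match-limit: []" is present in the tree but carries no scalar value. DemoNode, demo_conf, demo_lookup and demo_get_int are hypothetical names, and rejecting trailing characters is an assumption of this example.

```c
#include <errno.h>
#include <inttypes.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical config node (not Suricata's ConfNode): a key written as
 * "pcre.match-limit: []" exists in the tree but has no scalar value. */
typedef struct DemoNode {
    const char *name;
    const char *val; /* NULL when the YAML value is empty / not a scalar */
} DemoNode;

/* Constructed sample tree, not taken from a real suricata.yaml. */
static const DemoNode demo_conf[] = {
    { "pcre.match-limit", NULL },             /* pcre.match-limit: [] */
    { "pcre.match-limit-recursion", "1500" },
    { "demo.bad-int", "12abc" },              /* hypothetical key, trailing junk */
};

static const DemoNode *demo_lookup(const char *name)
{
    for (size_t i = 0; i < sizeof(demo_conf) / sizeof(demo_conf[0]); i++)
        if (strcmp(demo_conf[i].name, name) == 0)
            return &demo_conf[i];
    return NULL;
}

/* Returns 1 and stores the integer in *out on success, 0 on any failure. */
int demo_get_int(const char *name, intmax_t *out)
{
    const DemoNode *n = demo_lookup(name);
    if (n == NULL)
        return 0;                 /* key absent */
    if (n->val == NULL)
        return 0;                 /* key present, value empty: the crash case */
    char *end = NULL;
    errno = 0;
    intmax_t tmp = strtoimax(n->val, &end, 0);
    if (errno == ERANGE || end == n->val || *end != '\0')
        return 0;                 /* out of range, no digits, or trailing junk */
    *out = tmp;
    return 1;
}

int main(void)
{
    intmax_t v = 0;
    return demo_get_int("pcre.match-limit", &v); /* 0: empty value rejected */
}
```

Without the n->val check, the NULL pointer would reach strtoimax directly, which is the frame shown in the AddressSanitizer trace above.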

